CVE-2014-2554
https://notcve.org/view.php?id=CVE-2014-2554
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. OTRS 3.1.x anterior a 3.1.21, 3.2.x anterior a 3.2.16 y 3.3.x anterior a 3.3.6 permite a atacantes remotos realizar ataques de clickjacking a través de un elemento IFRAME. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html http://www.otrs.com/security-advisory-2014-05-clickjacking-issue • CWE-20: Improper Input Validation •
CVE-2014-2553
https://notcve.org/view.php?id=CVE-2014-2553
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.21, 3.2.x anterior a 3.2.16 y 3.3.x anterior a 3.3.6 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores relacionados con campos dinámicos. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html http://secunia.com/advisories/57616 https://www.otrs.com/security-advisory-2014-04-xss-issue • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •